MFT Resource Center
Managed File Transfer Protocols
MFT, or managed file transfer, is the secure, automated movement of data via a central solution, helping organizations eliminate duplicate, unsecured file transfer tools. Managed file transfer covers all aspects of inbound and outbound file transfers, while adding automation and enhancing security with encryption, digital certificates & signatures, non-repudiation, and standard secure transfer protocols, as well as other security features.
In this guide, we give you a brief breakdown on one of the crucial, core features of MFT, the major MFT transport protocols. For more information on MFT, see our guide to MFT basics.
What is a Managed File Transfer Protocol?
MFT protocols are the specific data transfer technologies used by managed file transfer software to move data securely from one computer to another. Each protocol reflects a set of universal guidelines that dictate how the data is encrypted and configured while in transit. There are many types of MFT transport protocols, each created to use different types of data exchange technologies. In this guide, we cover all the major, popular protocols:
HTTPS
HTTPS stands for Hypertext Transfer Protocol Secure and is the secure version of HTTP, which is the de facto Internet data standard and is the protocol commonly used to send data between a web browser and a website. HTTPS is encrypted with SSL to increase data transfer security. The principal motivation behind HTTPS is website authentication to maintain the integrity and privacy of data exchanged while in transit.This is particularly important when users transmit sensitive data, e.g. logging into a bank account, email service, or health insurance provider.
AS1
AS1 stands for Applicability Statement 1 and specifies email Electronic Data Interchange (EDI) communications between businesses. Developed decades ago, AS1 is now deprecated and outdated, but it was a major breakthrough at its inception. AS1 brought encryption and digital signatures to emails, assuring security, authentication, message integrity, and privacy. And most importantly, AS1 was the first protocol to provide certified legal proof when a recipient got an EDI message, making it impossible for the intended recipient to deny receiving it.
AS2
AS2 stands for Applicability Statement 2 and is a B2B messaging protocol used to transmit Electronic Data Interchange (EDI) documents from one organization to another. AS2 is a universal method for transporting data used by millions of businesses worldwide, including most major retailers, such as Amazon and Walmart. AS2 specificies how to securely transport data via the Internet using HTTP/S. AS2 is a second-generation EDI protocol, created by the Internet Engineering Task Force (IETF) in 2002 to replace AS1, which uses email protocols for secure data transfers.
AS3
Developed by the IETF, Applicability Statement 3 (AS3) is an open-standards protocol promoting secure MFT data transportation and application interoperability. Like AS1 and AS2, AS3 is a specification by which applications communicate EDI data, or other information, such as XML documents, securely over the Internet. However, the big difference between AS3 and other AS protocols is its usage of FTP. Not designed to replace other protocols, AS3 was created to provide EDI communications to FTP-centric businesses that have a significant investment in FTP scripting, applications, or security.
AS4
AS4 is an interoperability protocol that simplifies and standardizes the use of web services for B2B data exchange and integration. This protocol is a relatively low-cost communications standard to implement for organizations with a minimal IT infrastructure, as it is built with a light client setup option. Note that AS4 is not created from scratch. It is the latest of a series of B2B standards that started in 2002 with ebXML, and became Oasis standard in 2013, and ISO standard now.
FTP
FTP, or File Transfer Protocol, is the oldest and simplest protocol used to send files over the Internet. FTP uses a client-server process, that starts when the client asks for the files and the server provides them. FTP is also used to download programs and other files to your computer from other servers. But FTP an unsecured protocol, requiring additional layers of security for many enterprise file transfer scenarios.The predominant options for adding security to FTP transactions is to use FTPS, SFTP, FTP over a virtual private network (VPN) or simply adding encryption, such as OpenPGP, directly to FTP file transfers.
SFTP
SFTP is essentially FTP with an added security layer, Secure Shell (SSH), developed by the Internet Engineering Task Force (IETF), which originally created FTP. The SSH layer encrypts the message while in transit and decrypts it upon arrival. SFTP requires the server to authenticate the client computer. All commands and data are encrypted to prevent passwords and other sensitive information from being exposed to the network in plain text but SFTP doesn't provide non-repudiation, which makes it unsuitable for many managed file transfer scenarios, such as EDI.
FTPS
FTPS, or FTP over SSL/TSL, adds a secure encryption layer (Secure Sockets Layer) around the FTP protocol to secure the commands and data transferred between client and server. FTPS is similar to SFTP, secured with encryption but lacking non-repudiation. It also carries some bigger drawbacks related to efficiency and the use of secure firewalls.
OFTP
OFTP stands for Odette File Transfer Protocol and is a communications technology built specifically for B2B document exchange, primarily for the European automotive industry. Consisting of just fourteen commands, it's designed for maximum efficiency and ease, enabling large transmission windows with file restart, data compression, and security. OFTP2 is the new standard from ODETTE for securely exchanging file data over the Internet.
Secure Email
Email security is vital for organizations, teams and individuals managing sensitive information or operating in regulated industries. Secured email refers specifically to encrypting the means of sending emails, the servers that email messages are stored on, and the means of retrieving data from those email servers (e.g. email clients like GMail, Outlook, and Yahoo!).
GISB/NAESB EDM
The GISB/NAESB electronic delivery mechanism (EDM), was developed with the purpose to eliminate expensive value-added Network charges while retaining the reliability and security of transactions over the Internet. It was the first HTTP-based Internet EDI transport protocol, developed in 1992. GISB is now used primarily in the energy industry for file exchanges with oil & gas companies.
Secure Copy Protocol (SCP)
Secure copy protocol, or SCP, is a network protocol that helps to securely transfer computer files between a local host and a remote host or between two remote hosts. The SCP is based on the BSD RCP protocol, which supports file transfers between hosts on a network. This protocol is somewhat similar to the FTP, but it adds security and authentication.
RosettaNet
RosettaNet is a non-profit consortium aimed at establishing standard processes for sharing business information between partners (B2B). RosettaNet is a partnership of major computer and consumer electronics, electronic components, semiconductor manufacturing, telecom, and logistics companies working to create and implement industry-wide, open e-business process standards. These standards form a common e-business language, aligning processes between supply chain partners worldwide.